Jun 5, 2010

You’ve decided you want to get a better handle on your network. Maybe you’re looking at setting up some monitoring. But then you discover you need to configure this thing called SNMP, and that’s when the problems start. There are things to configure that you’ve never heard of: OIDs, MIBs, traps, informs, polling, and versions. What the heck is all this stuff anyway, and do you need to know it all?

In this first part of a series on SNMP you’ll learn the basics, and see how it can help you make your network more reliable and easier to manage.

What the Heck is SNMP Anyway?

SNMP stands for Simple Network Management Protocol. It is a standard way of monitoring hardware and software from nearly any manufacturer, from Juniper, to Cisco, to Microsoft, Unix, and everything in between. SNMP requires only a couple of basic components to work: a management station, and an agent.

First, a management station is required. The management station is simply software that collects information from your network. Most management stations will poll your network for information regularly. Management stations range from the very simple to highly complex.

Second, the hardware or software that you want to monitor must have an agent running. The agent collects information, and then sends it to the management station when polled. Agents can also send notifications to the management station without being polled, for example if an error is detected.

Agents are usually built into your network hardware and software – they simply need to be enabled and configured.

What Can It Do?

SNMP is very simple, yet powerful. It can help you manage your network in several ways. It can:

Provide read/write abilities – for example, you could use it to reset passwords remotely or reconfigure IP addresses.

Collect information on how much bandwidth is being used.

Collect error reports into a log, useful for troubleshooting and identifying trends.

Perform active polling, i.e. the monitoring station asks devices for status every few minutes.

Receive passive alerts – devices can send alerts to a monitoring station on error conditions.

Versions and Security (or Lack Thereof)

Several versions of SNMP are supported: v1, v2c, and v3. Nearly all monitoring stations support all three versions. So why not simply use the newest version all the time?

Version 1 is the simplest and most basic of the versions, and there may be times where it’s required to support older hardware. But version 2c adds several enhancements to the protocol, such as support for “Informs”. Because of this, v2c has become the most widely used.

However, a major weakness of v1 and v2c is security. Community strings – the equivalent of passwords – are transmitted in clear text and there is no support for authentication. This creates a risk that your community strings could become compromised. This is not good, especially considering the power SNMP has to change device configuration.

SNMP v3 adds security features that overcome the weaknesses in v1 and v2c, and it should generally be used if possible – especially if you plan to transmit information across unsecured links. However, the extra security makes it much more complex to configure.
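The clear-text exposure described above, as an added example that is not part of the original article: a minimal Python parser that reads an SNMP message header the way any device on the network path could. Both packets are constructed for illustration, the function names are hypothetical, and the v3 msgFlags layout is taken from RFC 3412 rather than from this article.

```python
# Constructed sample packets (not captured traffic); names are hypothetical.
V2C_GET = bytes.fromhex(   # v2c GetRequest for sysDescr.0, community "public"
    "3026020101" "04067075626c6963"
    "a019020101020100020100300e300c06082b060102010101000500")
V3_HEADER = bytes.fromhex( # v3 message, cut off after msgGlobalData
    "3012020103" "300d020101020205dc040107020103")

VERSIONS = {0: "v1", 1: "v2c", 3: "v3"}
LEVELS = {0: "noAuthNoPriv", 1: "authNoPriv", 3: "authPriv"}

def read_tlv(buf, pos):
    """Decode one BER tag-length-value; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long-form length
        n = length & 0x7F
        if not 1 <= n <= 4 or pos + n > len(buf):
            raise ValueError("bad length field")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value runs past end of packet")
    return tag, buf[pos:pos + length], pos + length

def inspect_snmp(packet):
    """Return what a passive observer can read from an SNMP message header."""
    tag, body, _ = read_tlv(packet, 0)
    if tag != 0x30:
        raise ValueError("no outer SEQUENCE")
    tag, raw, pos = read_tlv(body, 0)
    if tag != 0x02:
        raise ValueError("version is not an INTEGER")
    version = VERSIONS.get(int.from_bytes(raw, "big"), "unknown")
    info = {"version": version, "community": None, "level": None}
    if version in ("v1", "v2c"):
        tag, raw, _ = read_tlv(body, pos)  # community string: plain OCTET STRING
        if tag != 0x04:
            raise ValueError("community is not an OCTET STRING")
        info["community"] = raw.decode("latin-1")
    elif version == "v3":
        _, hdr, _ = read_tlv(body, pos)    # msgGlobalData SEQUENCE
        _, _, p = read_tlv(hdr, 0)         # skip msgID
        _, _, p = read_tlv(hdr, p)         # skip msgMaxSize
        _, flags, _ = read_tlv(hdr, p)     # msgFlags: bit 0 = auth, bit 1 = priv
        if len(flags) != 1:
            raise ValueError("msgFlags must be one byte")
        info["level"] = LEVELS.get(flags[0] & 0x03, "invalid")
    return info
```

Calling `inspect_snmp(V2C_GET)` recovers the community string with no key material at all, while the v3 header reveals only the security level the sender selected.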

Ports and Firewalls

SNMP uses UDP as the transport protocol. If management traffic will traverse firewalls, make sure that the following default ports are open:

UDP 161: Used when the management station polls agents

UDP 162: Used when agents send unsolicited Traps to the management station

MIBs, OIDs and Traps, Oh My!

The basics of SNMP are simple, but terminology is one of the needlessly complicated parts of SNMP. However, it’s easily understood. In the next article we’ll help clear the confusion around things like “strings”, and “MIBs”.

After that, we’ll look at a few tools you can use to explore SNMP in greater detail, and start using it to automate critical monitoring tasks.